Aggregator
Germany Urges Apple and Google to Ban Chinese AI App DeepSeek Over Privacy Concerns
Berlin’s data protection commissioner, Meike Kamp, has raised serious alarms over the Chinese AI application DeepSeek, accusing the company of unlawfully transferring personal data of German users to China in violation of the European Union’s stringent General Data Protection Regulation (GDPR). In a statement released on Friday, Kamp highlighted that DeepSeek has failed to demonstrate […]
The post Germany Urges Apple and Google to Ban Chinese AI App DeepSeek Over Privacy Concerns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Submit #600636: Sangfor Sangfor aTrust Zero Trust Access Control System 2.3.10.60~2.5.10.32 Local Privilege Escalation [Duplicate]
SquareX Reveals that Employees are No Longer the Weakest Link, Browser AI Agents Are
CVE-2025-6920 | ai-inference-server API Inference Endpoint /invocations improper authentication
Intern at a major bank sold clients for a million euros
CVE-2025-4407 | ABB Lite Panel Pro up to 1.0.1 session expiration (EUVD-2025-19543)
CVE-2025-40710 | Hotspot Shield VPN Client 12.9.2 Header Host injection (EUVD-2025-19527)
How to Chart an Exposure Management Leadership Path for You, Your Boss and Your Organization
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we share some tips on how to lead the move to exposure management. You can read the entire Exposure Management Academy series here.
For years, organizations poured resources into reactive defenses, scrambling to contain breaches once they were already underway. Yet, breaches continue at an alarming rate. There must be a better way. There must be a more proactive way to shrink the attack surface, prioritize true business exposure and reduce the burden on security teams.
This is the promise of exposure management. And it's rapidly changing the game. As with most change, there is great opportunity ahead. The impact of exposure management on reactive security effectiveness and efficiency will be considerable. We believe that the vulnerability management leaders who drive the move to exposure management today will become the CISOs of tomorrow.
Change often requires evolution beyond our traditional roles, responsibilities and workflows. Is everyone on board for change? Not always. Maybe your boss or peers need some enlightenment on the value exposure management can offer them and the organization. We know that the move from heavy reliance on traditional threat and incident response to a more proactive, preventive approach requires rethinking existing priorities as they relate to roles, responsibilities and investments.
In this post, we thought we’d share some tips on how you can join the exposure management discussion as a driver of change rather than just a passenger on the journey.
Tip 1: Talk about the benefits of balancing your reactive and proactive security posture
Source: Tenable, 2025
Let’s start with the cybersecurity continuum, with the breach line in the middle. To the right lies reactive security, a world of active threats and incidents. The goal there is to minimize impact after an attack has begun.
Historically, this is where most security expenditures have gone, and for good reason. Breaches used to be the purview of security teams. But now, multiple regulations require breach disclosure. These greater visibility and disclosure requirements can lead to revenue, reputational and customer trust fallout — as well as lawsuits and penalties.
So how can we prevent those breaches from ever happening? That's the role of proactive exposure management, which has two core objectives:
- Shrink the attack surface: Exposure management actively identifies the viable pathways attackers can exploit to gain access and move laterally.
- Provide critical context: Exposure management gives teams the insights they need to prioritize and protect the critical assets and business functions that matter most.
- Suggest starting small: Mention that many exposure management programs evolve from traditional vulnerability management — and many organizations begin by expanding the scope of visibility and context of their vulnerability management team over time to include externally facing assets, cloud, OT and IoT.
- Highlight deep insights: Talk about how exposure management can help them quantify and align exposure scores to specific business services or units, which makes it easier to communicate risk posture with lines of business, executives and the board of directors. The ability to quantify and align risk posture to what matters is also central to driving investment decisions because you can now understand where you have higher risk, what its impact might be and then justify your resource requirements.
Most organizations operate with multiple security domains or silos. Each operates in isolation, with data trapped in one or even many individual tools. Teams frequently end up having little to no visibility into what’s happening elsewhere.
And, while your vulnerability management program maturity may be robust, your cloud or identity security might be lagging, or vice versa. Bringing every silo up to snuff requires a people, budget and time investment few organizations can realize in short order. And even if you could undertake that monumental task, you’d still be unable to solve the fundamental problem of siloed security — that it doesn't reflect how attackers operate in the real world.
Attackers don't respect your carefully constructed security boundaries. They seek out any vulnerability, misconfiguration or access privilege to gain a foothold, move laterally across silos and escalate their privileges.
Their goals are simple: They want to disrupt your services, hold your operations for ransom or steal sensitive data. Or all of the above. Yet, today, most organizations have no unified view of their attack surface — and siloed security teams are stuck working with tools that tell them very little about how attackers might exploit the attack surface across domains to achieve their goal.
In the face of this threat, the glaring weakness of siloed security comes to light: a lack of context.
Siloed tools don’t offer the technical context of asset identity and risk relationships across domains that attackers exploit. They also don’t offer business context to help you evaluate the potential impact on your "crown jewel" assets and mission-critical services. Legacy cybersecurity tools generate a veritable Mount Everest of noisy findings.
Amid the noise, there’s no clear way to isolate true exposures, let alone quantify or business-align them for prioritization. This works to an attacker’s advantage. And it isn't just an exposure problem. It’s also an ROI challenge. Constantly adding point solutions and people in a chase for visibility that might never come will quickly hit a value and scalability plateau. Without a unified approach and the context that comes with it, you’ll quickly start to see staff churn, miss critical exposures and realize sub-optimal return on your existing security investments.
Key points to convince your boss:
- Quantify your current environment: Estimate the human hours lost to manual tasks and cross-silo inefficiencies, such as reporting, and share that with your boss.
- Catalog current struggles: Survey your different siloed teams to gain insights into their daily struggles, such as noise and pushback from IT teams, then communicate that to your boss.
- Take inventory: Consider the potential for shadow IT caused by rapid digital transformation with multi-cloud, IT/OT convergence, IoT and BYOD — and what risks may be going unseen or unmanaged due to an inability to keep pace with a rapidly evolving attack surface and no unified inventory. Connecting that to how exposure management can better protect those assets will be a great proof point.
Overcoming the context gap demands a unified approach.
Exposure management scales security horizontally by extending visibility across all assets and risks in your attack surface, actively closing hidden gaps. Then, it adds critical technical and business context to shed light on what truly matters to your organization. These targeted insights enable you to not only effectively remedy exposure but also to prioritize investments that directly align with your business objectives.
Delivering transformational outcomes
Source: Tenable customer case studies, 2025
As the image above demonstrates, companies that move to exposure management can reap significant benefits. Siloed tools lack critical technical context (attack path relationships) and business context (an understanding of the impact on mission-critical data, applications and revenue streams) across domains. Exposure management fills in gaps that siloed tools can miss, and delivers the context that both proactive and reactive security teams need to do their jobs more effectively. The benefits don’t end there.
One customer, TB Consulting (TBC), saw a tenfold increase in visibility into the number of assets tracked — identifying assets formerly not seen or managed, such as containers and Kubernetes environments. With a unified exposure management platform, TBC reduced the time it takes to gather data across multiple siloed tools by 75%.
With added technical and business context for prioritization and related automations, the company reduced the volume of tickets it was generating from its SOC by 82% — from 1,700 to 300.
With exposure management, the team sped up delivery of required capabilities — completing in three months what they’d been trying to build in-house for 24 months.
Numbers like these are always compelling. And the impact on your work will be even more profound.
Because you can see asset identity, risk relationships and their impact on your most vital assets, you can focus on true exposure rather than getting buried in the noise. You’ll narrow the attack surface for your reactive security teams while adding rich context to identify real threats and incidents so you can break attack paths before they cause material damage.
Key points to convince your boss:
- Talk about closing visibility gaps: Share how you’ll be able to discover previously unseen assets like containers, Kubernetes, OT and IoT identities.
- Underscore the value of unification on scale and productivity: An exposure management platform can gather all your security data into a single store. Once there, you can automate analysis, instead of relying on manual aggregation and ineffective prioritization. This is something your boss will value.
- Focus on what matters: Let your boss know that exposure management will mean reduced exposure and security incidents for the business. SOC will be able to quickly visualize attack paths and potential impact to the organization and break attack chains, rather than sifting through all the noise.
Exposure management is about balancing proactive and reactive security to get ahead of attackers.
It aligns resources with the things that matter most to the business, and provides quantifiable data points that enable wise, informed investment decisions. Exposure management is not just a vision. It’s how many security leaders are driving greater value from their existing security programs today.
More importantly, it's a path forward that you can help chart for your leadership team and organization as a whole. Exposure management provides a natural progression path for you from domain practitioner to future security leader.
Tell your boss that the future of cybersecurity is proactive, unified and business-aligned. The future is exposure management, and you can help drive that transformation for your organization.
Learn more
- Check out the Tenable exposure management resource center to discover the value of exposure management and explore resources to help you stand up a continuous threat exposure management program.
Canada bans Hikvision over national security concerns
Opposition to AI is growing louder
CVE-2012-2027 | Adobe Photoshop up to 12.0.4 TIFF Image resource management (EDB-18633 / Nessus ID 59172)
FBI: Cybercriminals steal health data posing as fraud investigators
CVE-2005-4302 | Indexcor ezDatabase 2.1.2 index.php path traversal (EDB-26853 / BID-15908)
CVE-2008-3770 | Openfreeway Freeway 1.4.1.171 Language path traversal (EDB-32259 / XFDB-45037)
Turning Remote Sites into Intelligent Edge Environments
CitrixBleed 2 might be actively exploited (CVE-2025-5777)
While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that it doesn’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which were patched earlier this month. CVE-2025-5777, in particular, has captured the attention of infosec professionals due to its similarity to CVE-2023-4966, aka CitrixBleed. Consequently, CVE-2025-5777 has been informally dubbed “CitrixBleed 2” by security researcher Kevin Beaumont. Both CitrixBleed and CitrixBleed …
The post CitrixBleed 2 might be actively exploited (CVE-2025-5777) appeared first on Help Net Security.
Germany Urges Apple, Google to Block Chinese AI App DeepSeek Over Privacy Rules
Germany’s data protection authorities have escalated their scrutiny of Chinese artificial intelligence applications, with Berlin’s data protection commissioner Meike Kamp formally requesting Apple and Google to review and potentially remove DeepSeek from their respective app stores. The move, announced on June 27, 2025, represents a significant regulatory challenge for the popular AI chatbot that has […]
The post Germany Urges Apple, Google to Block Chinese AI App DeepSeek Over Privacy Rules appeared first on Cyber Security News.